Enabling Log And Alarm Functions For Potential Attacks; Checking The Configuration - Huawei Quidway S9300 Configuration Manual

4 ARP Security Configuration
By default, the S9300 does not learn ARP entries when receiving DHCP ACK messages. When
the traffic passes, ARP learning is triggered.
----End

4.4.7 Enabling Log and Alarm Functions for Potential Attacks

Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
arp anti-attack log-trap-timer time
Log and alarm functions are enabled for potential attacks.
time specifies the interval for writing an ARP log and sending an alarm. By default, the value is
0, indicating that log and alarm functions are disabled.
----End

4.4.8 Checking the Configuration

Prerequisite
The configurations of ARP anti-attack are complete.
Procedure
l
l
l
----End
Example
Run the display arp anti-attack configuration all command, and you can view the
configuration of ARP anti-attack.
<Quidway> display arp anti-attack configuration all
ARP anti-attack entry-check mode: fixed-MAC
4-12
NOTE
To use the arp learning dhcp-trigger command, ensure that the DHCP relay function is enabled on
l
the VLANIF interface.
If the DHCP user and DHCP server are located on the same network segment, you cannot use the arp
l
learning dhcp-trigger command.
Run the display arp anti-attack configuration { entry-check | gateway-duplicate | log-
trap-timer | all } command to check the configuration of ARP anti-attack.
Run the display arp anti-attack gateway-duplicate item command to check information
about bogus gateway address attack on the network.
Run the display arp anti-attack check user-bind interface interface-type interface-
number command to check the configuration of the binding table for checking ARP packets.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 01 (2009-07-28)